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(57) Abstract 

Methods are disclosed for gathering information from different sources to be used to automatically fill in online forms. The information 
is collected using a persona of an individual. A persona is created by filtering a larger set of raw data for that user so that only certain fields 
are allowed to be seen and used by others. An individual can have several personas, each assigned to a particular other individual, such as 
a family member or a friend. The individual allowing one of his personas to be shared is the information provider and the user requesting 
the infonnation is the information requester. The information is taken from both the provider and requester, and used by a vendor in a form^ 
filled out by the information requester. In one embodiment, the information requester is a "gift giver" and the provider is a "gift receiver". 
The gift giver is requesting shipping and other information from the gift receiver, who can grant one of his personas to the particular gift 
giver. The information, along with billing information from the gift giver, is used to fill out a vendor online fonn. 
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METHOD FOR ONLINE INFORMATION SHARING FOR 
COMPLETING ELECTRONIC FORMS 



Background of the Invention 

5 The present invention relates generally to computer software for filling out 

form documents over a computer network. More particularly, the present invention 
provides a method and system for sharing information among users for the purpose of 
automatically filling out fields in an electronic form document. 

The present invention describes a process for purchasing goods and services 

1 0 over an electronic computer network, namely the World Wide Web, for the purpose 
of Gift Shopping. Gift Shopping is defined as the act of buying a good or a service 
(the Product) for another person. Within the scope of the electronic computer 
network. Gift Shopping entails that the Gift Giver release personal information 
pertaining to the billing of the Product, and that the Gift Recipient release personal 

1 5 information pertaining to the shipping, size, and type of the Product. 

Thus, it is desirable to be able to share personal information with other users 
on a network. In such a system, a gift giver, for example, can access certain items of 
information, collectively referred to as a persona, which a gift receiver has indicated 
can be accessed by others. A user can have a number of personas, each one used by a 

20 group of other users or one other user. 
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Summa ry of thf Tnventton 

To achieve the foregoing, methods, apparatus, and computer-readable 
mediums are disclosed which provide an online shopper can share information with 
intended gift receivers. The information sharing can be used on numerous non- 
5 affiliated sites. That is, the sites at which the goods are purchased do not have to be 
within, for example, a portal's shopping mall or any type of "walled garden." Thus, 
the online gift giver can access information of gift receivers from a wide variety of 
non-associated and non-affiliated sites. While there are features similar to 
infomiation sharing within restricted online shopping malls and networks of sites, 
information sharing outside these confines is presently unavailable. 

The present invention is a technique use to gather information from different 
sources to be used to automatically fill in online forms. The information is collected 
using a persona of an individual. A persona is created by filtering a larger set of raw 
data for that user so that only certain fields are allowed to be seen and used by others. 
An individual can have several personas, each assigned to a particular other 
individual, such as a family member or a friend. The individual allowing one of his 
personas to be shared is the information provider and the user requesting the 
information is the information requester. The information is taken from both the 
provider and requester, and used by a vendor in a form, filled out by the information 
requester. In one embodiment, the information requester is a "gift giver" and the 
provider is a "gift receiver." The gift giver is requesting shipping and other 
information from the gift receiver, who can grant one of his personas to the particular 
gift giver. The information, along with billing information from the gift giver, is used 
to fill out a vendor online form. 

In one aspect of the invention a method of allowing an information requester, 
such as a gift giver, to access data from an information provider, such as a gift 
receiver, in order to complete an online merchant form is described. A filtered data 
set is created that contains data the information provider is willling to share with 
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particular third-party users, including the information requester. An online merchant 

form is retrieved from a merchant or service provider site upon request by an 

information requester, the online merchant form having numerous fields. Data from 

the information requester is inserted into the appropriate fields in the form, such as 

5 billing information. Access to the filtered data set is granted by the information 

provider to the information requester. This enables data from the filtered data set to 

be inserted into the appropriate fields in the form, such as shipping information. The 

online form being filled out is from an online merchant or service provider that is not 

necessarily affiliated with other online merchants, such as being in an online shopping 

mall, a " walled garden," or network of sites associated with a portal. 
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Brief Description of the Drawings 

The invention will be better understood by reference to the following 
description taken in conjunction with the accompanying drawings in which: 

FIG, lA is a diagrammatical representation of a system for automatically 
5 filling in electronic form documents in accordance with one embodiment of the 
present invention. 

FIG. IB is a block diagram showing components of a server enabling the 
automatic insertion of data in to an electronic form on a remote computer in 
accordance with one embodiment of the present invention. 
IQ FIG. 2 is a flow diagram of a process for automatically filling in an electronic 

form document in accordance with one embodiment of the present invention. 

FIGS. 3A, 3B, and 3C are table diagrams showing the field names and format 
of registered user data in accordance with one embodiment of the present invention. 
FIG. 4 is a sequence diagram outlining a process of conducting purchasing 
1 5 gifts over a distributed network in accordance with one embodiment of the present 
invention. 

FIG. 5 is a flowchart describing a privacy negotiation for gathering 
information associated with purchasing gifts over a distributed network in accordance 
with one embodiment of the present invention. 
20 FIG. 6 is a block diagram showing the various parties and possible message 

passing between the parties in accordance with one embodiment of the present 
invention. 
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Detailed Description 

Reference will now be made in detail to a preferred embodiment of the 
invention. An example of the preferred embodiment is illustrated in the 
accompanying drawings. While the invention will be described in conjunction with a 
5 preferred embodiment, it will be understood that it is not intended to limit the 
invention to one preferred embodiment. To the contrary, it is intended to cover 
alternatives, modifications, and equivalents as jnay be included within the spirit and 
scope of the invention as defined by the appended claims. 

A method and system for automatically filling in electronic forms on a 
computer and not requiring a user to download or install any resident software on the 
computer is described in the various figures. As the presence of merchants and 
services increases on the Internet, electronic commerce or e-commerce will grow. 
More and more consumers will resort to the Internet, for example, to purchase goods 
and services for themselves or others (e.g., gift shopping). This will typically require 
1 5 the consumer/user to provide at least some data, either the users own or another 

individuals, to the merchant typically through filling out an electronic form having 
various fields, most commonly names, addresses, credit card numbers, phone 
numbers, etc. For consumers purchasing goods fi-om numerous merchant sites and 
possibly using different computers (e.g. using a computer at work, using another 
20 computer at home, and yet another one while travelling), manually filling in these 

forms repeatedly can become tedious and inefficient. The present invention seeks to 
alleviate the burden of filling in electronic forms, while informing the consumer/user 
of privacy precautions taken by a particular merchant site, and not require the user to 
download any resident software. Inherent in the latter feature is allowing the 
25 consumer to use the processes of the present invention from any computer connected 
to the network, the Internet in particular. 

The present invention uses a remote server or "privacy bank," a novel 
electronic resource that responds to requests for data by preparing and transmitting a 
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specialized document in the form of a JavaScript. This JavaScript is formed 
dynamically by the privacy bank upon receipt of the request for data. The JavaScript 
created by the privacy bank is a "profile" or mapping between field names in a 
particular form the user needs to fill in at a particular merchant site (e.g. 
5 "www.fishermanstore.com" ) and standardized field names stored in the privacy 
bank server. Once the user's browser program is served this profile from privacy 
bank, most of the fields in the fishermanstore form are automatically filled in. In the 
described embodiment, the user becomes a member of the privacy bank resource by 
providing personal information, also referred to as the raw data, to privacy bank once. 
10 This raw data can be updated from time to time by the user if desired. In addition, 

several filtered raw data sets or " personas" can be created for use by others who may 
need to access the user's information. In another embodiment, the user can enter 
privacy rules or requirements once when initially becoming a member. The user does 
not need to download any software from privacy bank or any other resource. In the 
15 described embodiment, the merchant {e.g. The Fisherman Store) becomes an affiliate 
member of the privacy bank network by providing a sample document of its form or 
forms. Privacy bank can then build a mapping between fields in the merchant's form 
and the standardized fields in its own database. 

FIG. 1 A is a block diagram of a system for automatically filling out electronic 
20 form documents in accordance with one embodiment of the present invention. A 
number of end-user computers are shown on the right side of the diagram. These 
computers can be client computers in a network with access to the Internet or be part 
of an intranet. In the described embodiment an end-user computer 102 is a stand- 
alone computer with access to the Internet and contains an Internet browser program, 
25 a browser window for which is shown at 1 04. In the center of the diagram is a 

number of Web servers. A particular Web server 106 is a server for a merchant Web 
site, such as www . fi shermanstore . com to which users or consumers can visit to 
purchase goods online over the Internet. On the left side of the diagram is a 
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specialized electronic resource referred to in the described embodiment as a privacy 
bank server computer 108, also connected to the Internet. 

The process of automatic electronic form completion begins with a user 
downloading the form from a Web site such as fishermanstore site. Returning to FIG. 
5 1 A, a user/consumer on computer 102 ("user 102") opens a browser window 104 in 
an Internet browser program such as Netscape Navigator or Internet Explorer, 
depicted by arrow 1 1 0. User 1 02 then goes to w^v^^^flshem^an^tnr^ nnn. shown by 
arrow 1 12 via the browser and decides to purchase goods. User 1 02 then downloads 
fi-om the Web site contained on Web server 106 an electronic purchasing form that 
needs to be completed as depicted by arrow 114. A purchasing form 1 16, typically an 
HTML document, is returned and downloaded into and displayed in browser window 
104. At this juncture, user 102 would normally have to "manually" fill in each field 
in purchasing form 1 16. Much of this information is typically standard: name, 
address, phone number, payment method, user email address, etc. In accordance with 
1 5 one embodiment of the present invention, user 1 02 can " click" on a privacy bank 
icon or button in form 1 16 and have the form automatically filled in. 

As stated earlier, it is assumed in this discussion that 
www.fishermanstore.com is registered with and thus an affiliate member of the 
privacy bank service assessable fi-om privacy bank server 108. Being an affiliate 
member of the privacy bank service, purchasing form 1 1 6 contains a privacy bank 
icon or button 118. By clicking on privacy bank icon 1 1 8, user 102 essentially 
completes a process for automatically filling in form 1 16 by transparently 
transmitting a completed form to the privacy bank service on server 108, depicted by 
an arrow 120. The information needed for filling in the form is transmitted to user 
102 once form 1 1 6 (an HTML document) is parsed, which occurs when form 1 1 6 is 
downloaded. This process is described in greater detail in FIG. 4. User 102 informs 
privacy bank server 108 of the identity of the user and of which Web site and which 
form on that Web site (if more than one) the user wishes to have filled in. This 
information is transmitted to privacy bank server 108, unbeknownst to user 102, when 
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ed. Teclmiques for accomplishing this are described below 
Once privacy bank server 1 OR r<.. • oeiow. 

'"''"'^"^^^fr°--8-tere^ 
of an external link in form 1 16 executed when the fon. " . 
h . " IS parsed by user 1 02) it 

raw, generally personal, data associated with user 102 Th. 
0 below, once .ceive. by .e b.o„se, p.o,™ _ J^^^ , 

When user 102 presses or H.Vi. • 

presses or clicks on pnvacy bank icon n s ri. ■ ^ 

— e.™„..3....„.Me„n„.e.oj;:r^^^^ 

ino^^ J -1 program. At this juncture user 

^b... .e fo™. pe*ap3 .«e. ..e»., ,e «.He™ans.o..3 We. ..e pHva y 
safeguards or for any other reason. 

no. ,B is a block aiagranr sho^g co.ponen« of a privacy W server 

enaMn.g.ea„on.a.cn„,ng.ofe.c„o„.cfo™sonare„,o.ensecornpr: 
pnvacy ba„.server,sucbasserver,OS:„no.,.,co„..sseve.<,c.Llt 

lomi 116. Shown in FIG m • ^ 

. " '^^^P^"-"^^ Of a privacy bank server in 

the described embodiment Th^ "^ut server m 

" '^^"^^"^"^^ ^^°-He areas include a raw data 
profile storage area 128, a fonn mapping storage area 1 .0 
m^H I ^ ^ ^ negotiation history 

-u,e,3.anaas.ppab,eeo.econs,r.c.or,3..Kaw.a.pro.es.oragel,3. 
on^sse.sof.a.are,a«ng.oreg..ere..se.of.epHvacyban,serv.eonel 
...esbo™.areaua..reg..ereauser.asa„n..eacco»n..ber.a.r: 
-edasa„.den..fierandapass„ord.sho™inanarea.38 The standard f M 
-..ep.vacyha.serv.e,d,sc„ssed.g„a.erdet..„J.:™^^^^ , 
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are paired with a user entered data string (such as first name or home street address), 
followed by a use-preference condition. This data is contained in an area 140. 
Another profile for another registered user is shown in an area 142. Each registered 
user has a similar raw data profile. 
5 Form mapping area 1 30 includes multiple form mappings, an example of 

which is shown in an area 144. Each electronic form that is registered with the 
privacy bank service by an online merchant or seller {i.e. an affiliate member) has a 
form mapping. A privacy bank standard field name, as discussed below in FIGS. 3A, 
3B, and 3C, and as mentioned above in area 140, is matched or mapped with a "non- 

1 0 standard" field name from the electronic form registered with the service. For 

example, a non-standard field name for a person's last name could be " Last Name," 
" Surname" or simply "Last." Different forms use different variations of names for 
this field and for other fields. This would be mapped against the privacy bank 
"standard" field name, which in the described embodiment, is "PersonName.Last." 

1 5 Also contained in area 1 46 is a practice-preference condition provided by the online 
merchant or seller when registering the form. As with the use-preference condition in 
area 140, this condition is used by negotiation history module 150 and shippable code 
constructor 134, and is discussed in greater detail below in FIG. 7. Another mapping 
148 having the same format for another registered form follows area 144. 

20 Negotiation history module 132 is used to determine which fields in the 

electronic form will be automatically filled in by the privacy bank server. A process 
associated with negotiation history module 132 is described in greater detail in FIG. 
7. Module 132 includes multiple negotiation objects, an example of which is shown 
in an area 150. In the described embodiment, each negotiation object corresponds to 

25 one " non-standard" field in the form. Described briefly, negotiation object 1 50 

contains information as to whether the field in the form should be filled in based on 
privacy and use preferences set by the user (as conveyed in use-preference condition 
in area 140) and compared to intended practices (as conveyed by practice-preference 
condition in area 146). This comparison is performed in the negotiation history 

9 
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module, which includes a negotiator or comparator for comparing these conditions. 
Specific conditions in the described embodiment are described below. If it is 
determined that the non-standard field in the form will be filled in, a data string, 
shown in area 140, will be included in negotiation object 150. Shippable code 
5 constructor 134 accesses component 132 and storage areas 128 and 130, to derive a 
software module to be transmitted to a user computer. In the described embodiment, 
the software module is a JavaScript program which is transmitted to and executed by 
a browser in the user computer, thereby inserting the data strings into the form fields. 
FIG. 2 is a flow diagram of a process for automatically filling in electronic 
1 0 forms in a computer network in accordance with one embodiment of the present 
invention. The process described below can be performed in a configuration of 
servers and computers as described in FIG. 1 A above. At a step 202 an online 
user/consumer desiring to purchase certain goods on the Internet downloads an 
electronic form for making a purchase into the user's browser program. At step 204 
1 5 the browser parses the electronic form content, typically an HTML document, to 
identify all extemal links. As is commonplace for Web pages, the HTML contains 
links to other extemal Web sites from which content or other types of data is 
retrieved. In many instances, a Web page is a composite of different components 
from various sites embedded in a core HTML documem. An example is an external 
20 , link to an ad server to retrieve a banner ad component of a core HTML document. In 
this case, the electronic form can be seen as a core HTML document. This parsing is 
done automatically by the browser and is a well known feature. 

At step 206 the browser identifies an extemal link to the privacy bank server. 
In the described embodiment, this link will necessarily be present since the Web site 
25 is an affiliated site of the privacy bank service network of registered sites. A 

description of what "registered" implies in this context is described in greater detail 
below. At step 208, the browser executes the extemal link to connect the browser to 
the privacy bank server. The extemal link is referred to in the described embodiment 
as a shippable code link to the privacy bank server. The shippable code in this 

10 
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context is a JavaScript program that is transmitted from the privacy bank server to the 
user computer and browser. This shippable code enables the electronic form to be 
filled in automatically in a process that is described in greater detail below. At step 
210, once the privacy bank server has been contacted via the shippable code link in 
5 the electronic form, the privacy bank server determines whether the user computer or 
browser has a valid state identifier, referred to as a "cookie", previously assigned to it 
by the privacy bank server. A cookie is an identifier assigned by a Web site, whether 
a Web server or a server such as the privacy bank server, to a user/visitor when the 
user visits the Web site for the first time in a given session (the time from which a 
1 0 user logs onto the Web and the time he or she exits the Web by exiting the browser). 
The cookie, assigned by a Web site, belongs to a particular user. In the described 
embodiment, the user keeps this cookie during its session (a temporary cookie) and if 
the user goes back to that Web site during that session, it shows the Web site that 
cookie from which the Web site can identify the user and retrieve characteristics of 
1 5 that user from its data repository. As is known in the art of Internet application 

programming, cookies can also be permanent in that they subsist with a user after the 
user has logged off the browser and can be used again in a new session. The concept 
and implementation of cookies themselves are well known in the field of Internet and, 
more generally, computer network programming. 
20 If the privacy bank server determines that the user computer or browser does 

not have a valid cookie, it implies that the user has not yet logged into the privacy - 
bank service. If so, control goes to step 212 where the privacy bank server retrieves a 
login sequence code. This code will trigger a login sequence and enable the user to 
log in to or register with the privacy bank service at a later step in the process, as 
25 described in greater detail below. At step 2 1 4, the privacy bank server forms a 

completed package of shippable code containing the retrieved login sequence code, 
such that the login sequence will be triggered at a later step in the process. At step 
222, the browser retrieves this completed package of shippable code from the privacy 
bank server. The shippable code is then stored in the browser residing on the user's 
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computer, and is executable upon a user trioa^r • a 

^ user trigger, which is described in greater detail 

below. 

If *e privacy bank server determines 4a, ,he user/browser „.ak,„g c„„.ac, by 
downloading ,he electronic forn, and executing the extetna, liri. has a valid cookie 
5 control goes to step 216 where ,he privacy bank server gets and reads the usefs 

cookie. In this context, having a valid cookte indicates that the user has already gone 
through the login sequence recently, for example during the existtng Internet session 
and thus i, is not necessary for the user to go through the login sequence again By ' 
reading flte usefs cookie, the privacy bank server can determine who the user is and 
. 0 thus can retrieve the user's raw data stored by privacy bank. 7„e contents and fonnat 
of ,h,s raw personal data is described in greater detail in F,GS. 8A, 8B, and 8C below 
A. step 218, the privacy bank server retrieves the user data for the user identified by 
the valid cookie. The privacy bank server couples this user data and an .dentifier 
such as a URI. (uniform resource locator), to determine how the electronic form 
1 5 document should be filled. At step 220. the privacy bank server forms a completed 
package ofshippable code (item I24inFIG. 1 A) containing the user data d,at will be 
used to All out the fonn document. ,n the described embodiment, tins shippable code 
teferred to as a profile, is in the form of a JavaScript program. This shippable code is 
fonned fi-om information in the privacy bank memory that will enable the form 
20 document to be filled ou, automatically at a step later in the process. A, step 222 the 
browser receives the shippable code, or profile, from tire privacy bank server and 
now has access to i, on the user computer, if desired by the user. TOs profile is stored 
m the browser residing on the user's computer, and is executable upon a user .rigger. 
Assuming ate user wants to have the electronic fonn automatically filled o« 
25 using privacy bank, he or she executes a user trigger. In the described embodiment 
.h.s nigger occurs when the user clicks on an "autoflir button contained in .he form 
and associated witi, privacy bank at step 224. By clicking on the au.oflll button the 
user allows the browser to execute the shippable code or profile stored thereon. A, 
step 226, 4e shippable code determmes whether it contains user data which would 
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permit it to fall out the form document. If user data is contained within the shippable 

code residing on the browser, control goes to step 234 where the browser utilizes the 
shippable code and user data to fill out the electronic form document. Of course, user 
data being present in the shippable code is dependent upon the browser having a pre- 
5 existing valid cookie when the form document was initially retrieved, as described 
above. 

If, however, user data is not contained within the shippable code residing on 
the browser, control goes to step 228 where the login sequence is initiated in order to 
identify the presently unknown user. The shippable code utilized by the browser in 

10 this step contains the login sequence code, which is a resuh of the browser not having 
a pre-existing valid cookie when the form document was initially retrieved, as 
described above. Once the user completes the login sequence at step 228, the privacy 
bank server assigns a cookie to the user/browser thereby enabling it to recognize the 
user and messages from the user's browser in subsequent transactions. At step 230, 

1 5 the privacy bank server retrieves the user data for the identified user, couples this user 
data and an identifier, such as a URL (uniform resource locator), to determine how 
the electronic form document should be filled, and forms a completed package of 
shippable code containing the user data that will be used to fill out the form 
document. This step is substantially similar to steps 21 8 and 220, as described above. 

20 At step 228, the browser receives the shippable code, or profile, fi-om the privacy 

bank server, and now has access to it on the user computer. This shippable code now 
contains user data that allows the form document to be filled out automatically. At 
this stage, control proceeds to step 234, where the browser utilizes the shippable code 
and user data to fill out the electronic form document. Further input from the user, 

25 such as re-clicking on the " autofill" button, is not required. In other words, once the 
user properly completes the login sequence, the form is then filled out automatically, 
and it is not necessary for the user to click on the " autofill" button again. 

At step 236, the user visually examines the filled out form and the privacy 
features offered by the Web site and decides whether the form is acceptable. If the 
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user finds that the form needs further adjustment, the user adjusts the document at 
step 238, This may be done manually, or through any supplemental automated 
process, such as a client-based macro. This can involve filling in fields that could not 
be filled in by the profile sent by the privacy bank server (in other words, fields that 
5 could not be filled out from the raw data). Such fields can include, for example, 
which items being purchased and the quantity of items. It can also include updated 
personal information such as a new address or credit card number. In this case, the 
user simply types over the information already in the fields. Control then returns to 
step 236, which is satisfied presumably after going through step 238 once. At step 
1 0 240 the browser submits the filled out electronic form eventually sending it to the 
merchant's Web server once the user clicks on a Submit form button in the browser 
window.. In the described embodiment, the filled out form is first sent to the privacy 
bank server unbeknownst to the user or at least transparent to the user. The 
completed form is received and examined by the privacy bank server which updates 
1 5 its raw data repository to reflect any changes the user may have made to his or her 
personal information. The privacy bank server then posts a message back to the user 
computer (according to HTTP protocol the server must send a message back to the 
user computer when it receives an HTML document from it). In the described 
embodiment, the message it sends back or posts to the user's browser is similar to a 
20 " Click Here To Continue" type screen to the user. Hidden behind this message is the 
completed form that was sent to the privacy bank server. Presumably, the user will 
click to continue and by doing so transmits the hidden completed form to the 
merchant's Web server. In other preferred embodiments, the completed form is sent 
to both the privacy bank server and the merchant's Web server at the same time. In 
25 yet another preferred embodiment, the completed form is posted automatically from 
the privacy bank server directly to the merchant's site without any additional input 
from the user. At this stage the automatic form filling process is complete. 

FIGS. 3A, 3B, and 3C are high-level table diagrams showing how fields 
containing the raw data and preferences for a user are organized on the privacy bank 
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server in accordance with one embodiment of the present invention. A top-level User 
table 302 has four columns: User 304, Category 306, Type 308, and Short display 
name 310. User Table 302 has four areas of data under column User 304 represented 
by four rows; Home 312, Work 314, Billing 316, and Shipping 318. In the described 
5 embodiment, the user is presented with these four areas of data when registering with 
the privacy bank service and enters information by going through each of these data 
areas. Skipping Category 306 for the moment, column Type 308 takes the raw data 
tree down one level from the top level represented by table 302, For example, the 
Type for data area Home 3 1 2 is Info. This performs as a pointer or link to an Info 

1 0 table 320. The first column 322 of table 320 is labeled Info but the other three 

columns are the same as shown in table 302; that is. Category 306, Type 308, and 
Short display name 3 1 0. 

At table 320, the user begins entering data that will be used for her home 
information and for Shipping since data area 318 for Shipping in table 302 also has an 

15 Info in its Type column 308. A Name row 322 has in its Type column 308 a 

reference to yet another table PersonName, shown as table 324. Similar to table 302 
and 320, PersonName table 324 has a first column labeled PersonName and the same 
three columns as the other tables. All five data areas in PersonName table 324: 
Prefix, First. Middle, Last, and Suffix have as a Type a primitive type referred to as 

20 Text in the described embodiment. Text represents a data string that is the actual data 
item stored in the privacy bank server. By examining the Type column 308 of each of - 
the data areas, a user enters all the raw personal data. An actual data item is entered 
at each Type box containing Text, indicating a primitive type, or a leaf node when 
viewed as a tree structure. If the Type column does not contain "Text," another table 

25 exists that refines the data area further. 

To follow another example, under the data area BiUing 316 shown in table 
302, its Type 308 indicates BiUInfo and not Text. A table BiUInfo has six further data 
areas, none of which have a Text Type, so no actual data values can be found at this 
level. Taking the CreditCard data area as an example, its Type indicates 
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CraditCard Table Credi.Card. shown i„ FIG. 3C. has four da,a area.- Type 
Number, ExpMon*. and ExpYear. all of which are of Type Tex, which contain 

actual data values. 

Short display name column 310 contains a string that is displayed to the user 
5 through a user registration graphical user interface of «,e described embodiment The 
user follows the data tree via a user interface using the Short display name strings as 
field names or guides to entering the data. The data areas that have primitive Types 
which in the described embodiment is Text, are the privacy bank field names that arl 
mapped wiflr the legacy field names in the electronic fonrts registered with the 
service. In the described embodiment, the privacy bank names include (in 
abbreviated form): 
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PersonName.Prefix Address Strppti du 

PersonName.First Addre^cQ^l^ PhoneNum.AreaCode 

15 PersonNameXast AddSss r v PhoneNum.Nuinber 

PersonName.Suffix AddSssfSprov ^^^-^^--Extension 



Address.PostalCode 
Address.Country 

lntemet.HomePage Employment.Department 
CreditCardType Employment. JobTitle 

CreditCard.Number 
25 CreditCard.ExpMonth 
CreditCard.ExpYear 

Category column 306 is related to privacy settings set by the user and are tied 
to «,e preferences set by a user and defmed in temrs of a,e conditions as described 

30 above. The conditions or use thresholds in the described embodimem are marketing 
(targeted), system administration, personalization, research and development and 
completion of activity (/... ordering). The Categories available in the described 
embodimem and as shown in the tables of FIGS. 3A. 3B, and 3C, are Physical 
Contact Information, Online Contact Information, Demogtaphic Data, and Financial 

35 Data. The relationship between the Categories and the conditions of the described 
embodiment can be described as a table five-row, four-column table (a 20 cell table) 
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where each condition is one row in the table and each Category is one column in the 
table. 

The present invention is an extension to a Form AutoFill Server using 
Personal Infomiation sharing between Individuals to fill in electronic forms that are a 
5 part of the Form AutoFill and/or Gift Shopping service (the Service). The Form 
AutoFill Server is used to dispatch JavaScript code to the Web Browser, which 
enables the form to be filled. The Form AutoFill Server is a use of a Light Code 
Server, which serves Shippable Code Segments that are executed on the Web 
Browser's machine. By allowing Individuals to share their information with other 

1 0 Individuals, the Form AutoFill Server can provide data elements from two or more ' 
Individuals during a Privacy Negotiation (see Privacy Negotiation), 

The essence of Gift Shopping is that more than one Persona is used to fill a 
form. A Persona is defined as a data repository containing an Individual's personal 
information along with the privacy preferences that indicate how the Individual wants 

15 his or her data treated. Users of the Service may have multiple Personae as well as 
permission to use parts of other Individuals' Personae. There are two kinds of Gift 
Shopping that need to be covered. The first is Gift Shopping for people who are not 
necessarily subscribers/members of the Service. The second is Gift Shopping for 
people who are subscribers/members of the Service. In the latter case, we have to 

20 cover the mechanism for releasing permission to use a Persona of an Individual by 
another Individual for Gift Shopping purposes. 

FIG. 4 is a flow diagram of a process of an Individual (Gift Giver), who is Gift 
Shopping online and purchases a product from a Product Vendor that subscribes to 
the privacy bank service. They would like to buy a Product 401 that the Vendor is 

25 offering through an online form. The Gift Giver commands the browser to request a 
form from the Vendor 402. The Vendor returns the document to the browser 403, 
which in turn displays the form to the Gift Giver 404. The Gift Giver clicks the 'Gift 
Shop' button 405, which is embedded in the HTML form at the Vendor's web site. 
The 'Gift Shop' button is the trigger that requests the Gift Recipient Selection form 
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from the Service 406. Since the intended Recipient is not a member of the Service, 
the Gift Giver may elect to create a new Persona or use a Persona that they have 
created in the past for Gift Shopping 409. The Gift Giver must fill in shipping 
information and any information related to the Product for a new Persona. During the 
5 selection of the Gift Recipient, a session parameter is set to identify which Persona to 
use for a Gift Recipient 410 when the Privacy Negotiation is to be conducted. After 
completing the Recipient creation, the browser is sent a document 41 1 that 
automatically requests the HTML form from the Vendor 412. The HTML form is 
returned to the browser 413, which again displays the form to the Gift Giver 41 4. 

1 0 Each time the form is loaded, it makes a request to the Form AutoFill Server, which ' 
conducts a Privacy Negotiation (see Privacy Negotiation) between electronic agents 
representing the Vendor, the Gift Giver, and the Gift Recipient if the Gift Giver is 
logged into the Service. JavaScript code is remmed to the browser and executed there 
415, filling the form with the results from the Privacy Negotiation. The Gift Giver 

1 5 then submits the form by clicking a ' Submit' button 4 1 6, which commands the 

browser to post the submission to the Service 417. After processing the submission, 
the browser receives a document 41 8, which commands the browser to submit the 
information to the Vendor's Web Server 419. 

A Gift Giver, who is Gift Shopping online, visits a Product Vendor that 

20 subscribes to the Service. The Gift Giver would like to buy a Product the Vendor is 
offering 401 . The browser requests an HTML form from the Vendor 402. The HTML 
form is returned to the browser 403, which is then displayed to the Gift Giver 404. 
The Gift Giver cHcks the 'Gift Shop' button 405, which makes the request for the Gift 
Recipient Selection form from the Service 406. The 'Gift Shop' button is embedded 

25 in the HTML form at the Vendor's web site. The Gift Recipient Selection Page is 
returned to browser 407, which is displayed to the Gift Giver 408. The Gift Giver 
may select a Recipient's Persona 409 that has been made accessible to the Gift Giver 
by the Gift Recipient (see Sharing Personae). The browser posts the Gift Recipient 
Selection to the Service 410. The browser is sent a document 41 1 that automatically 
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requests the HTML form from the Vendor 412. The HTML form is returned to the 

browser 413, which again displays the form to the Gift Giver 4 1 4, Each time the form 
is loaded, it makes a request to the Service, which conducts a Privacy Negotiation 
(see Privacy Negotiation) between electronic agents representing the Vendor, the Gift 
5 Giver, and the Gift Recipient if the Gift Giver is logged into the Service. JavaScript 
code is returned to the browser and executed there 415, filling the form with the 
results fi-om the Privacy Negotiation. The Gift Giver then submits the form by 
clicking a 'Submit' button 416, which commands the browser to post the submission 
to the Service 417. After processing the submission, the browser receives a document 
10 418, which commands the browser to submit the information to the Vendor's Web 
Server 419. 

A Privacy Negotiation is the process of determining if a Vendor's stated 
Privacy Practices meet the requirements of an Individual's Privacy Preferences. A 
standard Privacy Negotiation is conducted between a single Information Buyer 

1 5 (Vendor's agent) and a single Information Seller (Individual's agent). In the case of 
Gift Shopping the Information Seller is a composite of Personae, which are separate 
Information Sellers. This composite Persona is achieved through a networked 
solution. A Message Router is used to direct BIDs fi-om the Information Buyer to the 
Information Seller that they apply to. Each Information Seller connected to the Router 

20 has a mask assigned which controls which BIDs route to them based on what part of 
the Service's personal information data schema is being requested. This is the same 
model as an electronic computer network router, which routes data packets to a given 
machine based on the routing table of the router. Using this model allows for the 
individual Personae (Information Sellers) to respond to a BID based on the Privacy 

25 Preferences stored in the Persona that the BID gets routed to. 

FIG. 5 is a flow diagram of a Privacy Negotiation that begins by requesting if 
the Information Buyer 501, which is an agent for the Vendor in the current model, has 
any more BIDs. If Yes, the Privacy Negotiation records the BID in its transaction 
history and forwards it to the Information Seller 502, which is a Message Router in 
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the case of Gift Shopping. The Message Router receives the BID 503, and determines 
if it is intended for the Gift Giver's Information Seller or the Gift Recipient's 
Information Seller based on the mappings that define Gift Shopping 504. In the 
instance there is no gift shopping, control from 503 goes straight to 508 where it is 
5 determined if the BID meets certain privacy preferences of the information seller. 

Returning to step 504, if the BID is intended for the Gift Giver's Information Seller, it 
receives the BID 505. If the BID is intended for the Gift Recipient's Information 
Seller, it receives the BID 506. The BID is considered by the Information Seller that 
receives it 507. The Information Seller determines if the BID meets the Privacy 
1 0 Preferences stored inside of it 508 . If the BID is accepted, an ACCEPT message is 

sent as the reply 509. If the BID is rejected, a DENY message is sent as the reply 510. 
The Message router receives the response from the Information Seller it sent the BID 
to and forwards the response to the Privacy Negotiation 51 1 . The Privacy Negotiation 
records the response in its transaction history in step 512 and returns to step 501 . If 
1 5 the Information Buyer has no more BIDs, the Privacy Negotiation is complete. 

In order for an Individual (Gift Giver) to use another Individual's (Gift 
Recipient) Persona, the Gift Recipient must explicitly grant access to the Gift Giver. 
A Gift Giver may request access from a Gift Recipient, after which the Recipient may 
grant or deny access. A Gift Recipient may also add a Gift Giver without receiving a 
20 request. Once access is granted, the Gift Recipient is added to the Gift Giver's list of 
Gift Recipients for use while Gift Shopping. 

FIG. 6 is a block diagram showing the various parties and possible message 
passing between the parties in accordance with one embodiment of the present 
invention. The parties shown are the vendor or store merchant, a gift giver 
25 (information requester) and gift recipient (information granter). In between the 

parties is a message router that is part of the privacy bank server. A vendor sends out 
a BIDS which is routed by the message router. The BIDS billing portion is sent to the 
gift giver and the BIDS shipping information is sent to the gift receiver. Both the gift 
receiver and gift giver reply with either an Accept or Deny to the BIDS request. The 
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Accept or Deny messages from the parties are then sent to the Vendor. If the gift 

receiver sends a Deny message, he is indicating that he does not want to share his 
information with the gift giver. Although it is possible for the gift giver to deny the 
BIDS shipping request, it is unlikely since he is typically the one requesting the 
5 information from the gift receiver. Once the vendor receives the messages, it acts 
accordingly by either shipping out the goods or sending a message to the gift giver 
that the BIDS shipping information request was denied. 

Although the foregoing invention has been described in some detail for 
purposes of clarity of understanding, it will be apparent that certain changes and 

1 0 modifications may be practiced within the scope of the appended claims. 

Furthermore, it should be noted that there are alternative ways of implementing both 
the process and apparatus of the present invention. Accordingly, the present 
embodiments are to be considered as illustrative and not restrictive, and the invention 
is not to be limited to the details given herein, but may be modified within the scope 

1 5 and equivalents of the appended claiins. 
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Cl^AIMS 

What is claimed is: 

10 primao- data file; and ""'"^ "Aen from , he firs, 

.a..or::Lt:!rdr:^^^^^^^^^^^ 

an online fonn such that certain data iten,. ! "'"^ '^^"^P^^te 

^ u^e. a. .a.e„ .e Wd^rr^r-^^^^^^^^^^^ - - 

2. ^"^^*°dofsharinginfonnation as recited in claim Iwh • 
more secondary data profiles farther comprises selecting J °^ 
the non-filtered set of data that the fir,t ^ ^^^^ ^"^^^^ ^O"^ 
computer network users. " "'^"'^ ^^^^^ °- or more 

3. A method of sharing infonnation as recited in claim 1 • 
more secondary data profiles iurther comprises ere "nfa 

specific computer network user. ^ secondary data profile for a 
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the secondary data profile relating to shipping and specific characteristics of the first 
user and taking data fi-om the second primary data profile relating to billing. 

8. A method as recited in claim 1 further comprising automatically filling in an 

5 online form with data from the third data set once the first user has been selected by a 
second user. 

9. A method as recited in claim 8 further comprising requesting access to use the 
secondary data profile in response to a notification to a fill in an online form 

10 

1 0. A method as recited in claim 9 fiirther comprising granting access to the 
secondary data profile thereby enabling a computer network user to fill in the online 
form. 

15 11. A method of allowing an information requester to access data from an 
information provider in order to complete an online merchant form, the method 
comprising: 

creating a filtered data set containing data the information provider is willling 
to share with particular third-party users, including the information requester; 
20 retrieving an online merchant form upon request by an information requester, 

the online merchant form having a plurality of fields; 

inserting data from the information requester into a first subset of the plurality 
of fields; and 

granting access to the filtered data set by the information provider to the 
25 information requester so that data from the filtered data set is inserted into a second 
subset of the plurality of fields, wherein the online merchant form is from an online 
merchant not affiliated with any other online merchant. 

12. A method as recited in claim 1 1 wherein the online merchant is not associated 
30 with a network or group of other online merchants. 

13. A method as recited in claim 1 1 further comprising: 

dynamically updating the filtered data set by the information provider such 
that the information requester has access to only updated information. 
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14. A method as recited in claim 1 3 wherein the filtered data set can be updated 
by editing an underlying un-filtered data set under the control of the information 
provider. 
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